AMENDMENTS TO THE CLAIMS

This listing of claims replaces all prior versions, and listings, of claims in the application:
Listing of Claims:

1. (Currently Amended) In a computer network that includes different types of data structures [illegible], a method for authorizing a requesting entity to operate upon data structures in a standard manner, the method comprising:

an act of maintaining a plurality of role templates that define basic access permissions with respect to one or more command methods, wherein at least some of the role templates define the basic access permissions in a manner that is independent of the type of data structure being [illegible];

an act of maintaining a plurality of role definitions that define access permissions for [illegible] entities by using one or more of the role templates;

an act of receiving a request from the requesting entity to perform at least one of the command methods, the request identifying the requesting entity;

an act of identifying a role definition corresponding to the requesting entity; and

an act of determining access permissions for the requesting entity with respect to the command method using the role definition corresponding to the requesting entity.

2. (Currently Amended) A method in accordance with Claim 1, wherein the act of 
maintaining a [illegible] plurality of role definitions that define access permissions for specific
entities comprises: 

an act of the role definition corresponding to the requesting entity using at least one 
access permission that is specific to the requesting entity, wherein the access permission for the 
requesting entity are defined by the one or more role templates that are used by the
corresponding role definition as well as the access permission that is specific to the requesting 
entity. 

3. (Original) A method in accordance with Claim 1, wherein the request includes an 
identification of credentials used to authenticate the requesting entity, wherein the role definition
corresponding to the requesting entity is identified using the credential identification, wherein
different role definitions may apply depending on the credentials. 

4. (Original) A method in accordance with Claim 1, wherein the request identifies the 
requesting entity by identifying a user as well as a corresponding application that is making the 
request, wherein different role definitions may apply depending on both the identification of the 
user as well as the corresponding application.

5. (Original) A method in accordance with Claim 1, wherein the act of maintaining a
plurality of role templates that define basic access permissions comprises the following:

an act of maintaining a role map document that contains all of the role templates for a 
particular service. 

6. (Original) A method in accordance with Claim 5, wherein the act of maintaining a
role map document that contains all of the role templates for a particular service comprises the 
following: 

an act of defining one or more scopes that describe views on a data structure; and 
an act of defining a role template by associating a method type with one of the one or
more scopes. 

7. (Original) A method in accordance with Claim 5, wherein the act of maintaining a
role map document that contains all of the role templates for a particular service comprises the
following: 

an act of maintaining a role map document as a hierarchical data structure. 

8. (Original) A method in accordance with Claim 5, wherein the act of maintaining a
role map document that contains all of the role templates for a particular service comprises the
following:

an act of maintaining a role map document as an XML document.

9. (Original) A method in accordance with Claim 1, wherein the act of maintaining a
plurality of role definitions that define access permissions for specific entities by using one or
more of the role templates comprises the following:

an act of maintaining a role list document that contains all of the role definitions for 
requesting entities that may attempt to access data structures belonging to an identity. 



10. (Currently Amended) A method in accordance with Claim 9, wherein the act of 
maintaining a role list document comprises the following: 

an act of defining a role definition by referencing a role template included in a role map
document [illegible]



11. (Original) A method in accordance with Claim 10, wherein the act of maintaining a
role list document comprises the following:

an act of maintaining a role list document as a hierarchical data structure.

12. (Original) A method in accordance with Claim 10, wherein the act of maintaining a 
role list document comprises the following: 

an act of maintaining a role list document as an XML document.

13. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to insert a portion into the data 
structure.

14. (Original) A method in accordance with claim 1, wherein the act of receiving a
request from the requesting entity to perform at least one of the command methods comprises the
following:

an act of receiving a request from the requesting entity to delete a portion from the data
structure.

15. (Original) A method in accordance with claim 1, wherein the act of receiving a
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to update a portion of the data 
structure.

16. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the
following: 

an act of receiving a request from the requesting entity to replace a portion of the data 
structure.

17. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to query regarding a portion of the 
data structure.

18. (Original) A method as recited in Claim 1, wherein the one or more command
methods comprise a set including insert, delete, query, update, and replace. 

19. (Original) A method as recited in Claim 1, wherein the data structure represents
in-box information.

20. (Original) A method as recited in Claim 1, wherein the data structure represents 
calendar information. 

21. (Original) A method as recited in Claim 1, wherein the data structure represents 
document information. 

22. (Original) A method as recited in Claim 1, wherein the data structure represents
notification information.

23. (Original) A method as recited in Claim 1, wherein the data structure represents
content information. 

24. (Original) A method as recited in Claim 1, wherein the data structure represents role
list information.

25. (Original) A method as recited in Claim 1, wherein the data structure represents
system information.

26. (Original) A method as recited in Claim 1, wherein the act of identifying a role
definition corresponding to the requesting entity comprises:

an act of identifying the role definition by searching a database.

27. (Original) A method as recited in Claim 1, wherein the act of identifying a role 
definition corresponding to the requesting entity comprises:

an act of identifying the role definition based on authorized role information provided
within the request.

28. (Original) A method as recited in Claim 27, wherein the authorized role information
includes an identification of a role template.


29. (Original) A method as recited in Claim 28, wherein the authorized role information 
further includes an identification of at least one refined, local scope for modifying the role 
template. 

30. (Cancelled). 



31. (Currently Amended) In a computer network that includes different types of data
structures [illegible], a method for authorizing a requesting entity to operate
upon data structures in a standard manner, the method comprising:

an act of maintaining a number of role templates that define basic access permissions
with respect to a number of command methods, wherein at least some of the role templates
define the basic access permissions in a manner that is independent of the type of data structure
being [illegible]; and

a step for authorizing a requesting entity using the role templates in a manner that is
independent of the type of data structure being accessed.

32. (Currently Amended) A method in accordance with Claim 31, wherein the step
for authorizing a requesting entity using the role templates comprises the following: 

an act of maintaining a plurality of role definitions that define access permissions for 
[illegible] entities by using one or more of the role templates;

an act of receiving a request from the requesting entity to perform at least one of the 
command methods, the request identifying the requesting entity; 

an act of identifying a role definition corresponding to the requesting entity; and 

an act of determining access permissions for the requesting entity with respect to the 
command method using the role definition corresponding to the requesting entity. 

33. (Currently Amended) [illegible] Claim 31, wherein
the act and step are performed by computer-executable instructions embodied within a physical
[illegible] medium.

34. (Currently Amended) A computer program product for use in a computer network
that includes different types of data structures of one or more specific entities, the computer
program product for implementing a method for authorizing a requesting entity to operate upon
data structures in a standard manner, the computer program product comprising one or more
physical computer-readable media have stored thereon the following:

computer-executable instructions for maintaining a plurality of role templates that define
basic access permissions with respect to one or more command methods, wherein at least some
of the role templates define the basic access permissions in a manner that is independent of the
type of data structure being [illegible];

computer-executable instructions for maintaining a plurality of role definitions that define
access permissions for [illegible] entities by using one or more of the role templates;

computer-executable instructions for detecting the receipt of a request from the
requesting entity to perform at least one of the command methods, the request identifying the
requesting entity;

computer-executable instructions for identifying a role definition corresponding to the 
requesting entity; and 

computer-executable instructions for determining access permissions for the requesting 
entity with respect to the command method using the role definition corresponding to the 
requesting entity.

35. (Currently Amended) A computer program product as recited in Claim 31, 
wherein the one or more physical computer-readable media are physical storage media.

36. (Currently Amended) In a computer network that includes different services,
applications, and an authorization station, the applications submitting requests to perform 
operations on different data structures managed by the different services, a system for isolating 
the authorization process from the services so that the services need not independently authorize 
each request they receive from the number of applications, the system comprising:

a plurality of services, each service configured to facilitate operations on one or more 

types of data structures; 

an authorization station configured to receive requests from a number of applications to
operate upon data structures managed by any of the number of services, the authorization station
configured to perform the following:

receive a request [illegible] to perform a target operation upon a
target data structure managed by a target service; 

[illegible] role template that defines basic authorizations with respect to
[illegible] at least the target operation, wherein the role template defines
the basic authorizations in a manner that is independent of the target data structure
desired to be operated upon;

determine that the corresponding requesting entity is authorized to perform the 
target operation on the target data structure; and 

communicate to the target service that the requesting entity is authorized to 
perform the target operation on the target data structure. 

37. (New) A method as recited in Claim 1, wherein the act of maintaining a plurality
of role definitions that define access permissions for requesting entities by using one or more of
the role templates comprises the following:

an act of maintaining a plurality of role definitions for the requesting entity, wherein the
plurality of role definitions correspond to a plurality of authentication methods.

38. (New) A method as recited in Claim 1, wherein the act of identifying a role
definition corresponding to the requesting entity comprises the following:

an act of referencing a role template; and
an act of refining a scope referenced in the role template, wherein the refinement occurs
at a user level.

39. (New) A method as recited in Claim 1, wherein the act of determining access 
permissions for the requesting entity with respect to the command method using the role 
definition corresponding to the requesting comprises the following:

an act of determining access permissions below the data structure level. 
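
The authorization flow recited in Claim 1, combined with the scopes of Claim 6, the user, application and credential keying of Claims 3 and 4, and the local scope refinement of Claim 29, sketched in Python. This is an added illustration and not part of the application. All names, the path-prefix scopes, the sample entities, the deny-by-default behaviour and the rule that a local scope only narrows a template are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

METHODS = {"insert", "delete", "query", "update", "replace"}  # set named in Claim 18

# Role map (Claims 5-6): scopes are views on a data structure, modelled here
# as predicates over a node path (an assumed representation).
SCOPES = {
    "all": lambda node: True,
    "public": lambda node: node.startswith("/public/"),
}
# A role template pairs method types with scopes and never names a data
# structure type, so one template serves calendar, in-box, documents, etc.
ROLE_TEMPLATES = {
    "owner": {m: "all" for m in METHODS},
    "reader": {"query": "public"},
}

@dataclass(frozen=True)
class RoleDefinition:
    template: str                      # reference into the role map (Claim 10)
    local_scope: Optional[str] = None  # entity-specific refinement (Claim 29)

# Role list (Claim 9), keyed by user, application and credential type
# (Claims 3-4). All entries are constructed sample data.
ROLE_LIST = {
    ("alice", "calendar-app", "password"): RoleDefinition("owner"),
    ("alice", "calendar-app", "pin"): RoleDefinition("reader"),
    ("bob", "mail-app", "password"): RoleDefinition("owner", local_scope="public"),
}

def authorize(user, app, credential, method, service, node):
    """Return True if the requesting entity may run `method` on `node`.

    `service` (e.g. "calendar") travels with the request but is deliberately
    not consulted: the decision is independent of the data structure type.
    """
    role = ROLE_LIST.get((user, app, credential))
    if role is None or method not in METHODS:
        return False                   # assumed default: deny unknown requests
    scope = ROLE_TEMPLATES[role.template].get(method)
    if scope is None:
        return False                   # template grants nothing for this method
    allowed = SCOPES[scope](node)
    if role.local_scope is not None:   # assumed: refinement only narrows access
        allowed = allowed and SCOPES[role.local_scope](node)
    return allowed
```

The same user resolves to different role definitions under different credentials, and the `service` argument can be changed freely without altering the decision.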